Solved: How can I remove all Power role 'write' privileges...

paimonsoror · ‎07-12-2017

Not sure if this is normal, but I noticed that all Power role users have write access to all lookup files. Is there a capability that i have included that is doing that?

Power Group:
Imports user
capabilities: edit_sourcetypes, embed_report, schedule_search, search_process_config_refresh.

I am looking to make the lookup editor available to users so that they can modify their own lookup tables, but i noticed that power users can edit all lookups including the bundled splunk ones 😮

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

View solution in original post

sbbadri · ‎07-12-2017

Try this,

$SPLUNK_HOME/etc/apps/your_app/metadata/default.meta add below lines

LOOKUPS

[lookups]
export = system
access = read : [ * ], write : [ admin, required_role ]

paimonsoror · ‎07-12-2017

Ah ok, makes sense, thought maybe I accidentally included a capability. Thanks!

How can I remove all Power role 'write' privileges from all lookup files

LOOKUPS

LOOKUPS

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!